CVE-2023-1980 in Remote Desktop Manager
Summary
by MITRE • 04/11/2023
Two factor authentication bypass on login in Devolutions Remote Desktop Manager 2022.3.35 and earlier allows a user to cancel the two factor authentication via the application user interface and open entries.
Analysis
by VulDB Data Team • 02/10/2025
This vulnerability is a critical authentication bypass flaw in Devolutions Remote Desktop Manager affecting versions 2022.3.35 and earlier. The issue stems from an improper implementation of the two-factor authentication controls in the application's user interface: anyone who holds valid first-factor credentials, whether a malicious actor or an authorized user, can circumvent the mandatory second factor during login. Specifically, the two-factor authentication workflow can be cancelled through the graphical interface, which undermines the control meant to protect sensitive remote desktop entries and the access credentials stored with them.
The implementation flaw resides in the application's authentication flow management, where the cancellation action for two-factor authentication is neither properly validated nor restricted. An attacker can therefore terminate the authentication sequence before the second factor is verified and still gain access to protected resources. The vulnerability reflects poor input validation and access control implementation: the system fails to enforce a mandatory security requirement through its user interface components. According to CWE classification, this corresponds to CWE-305: Authentication Bypass Through User Interface, which covers scenarios where an authentication mechanism can be bypassed via interface manipulation or user interaction.
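The following model, added here as an illustration and not taken from Devolutions' code or from the advisory, shows the pattern just described in a deliberately simplified login state machine: a password check moves the session into a partial state, the simulated 2FA dialog can be dismissed, and the gate that opens entries either accepts that partial state (fail-open, the vulnerable shape) or insists on the terminal authenticated state and discards progress on cancel (fail-closed). All names, the credential store and the TOTP code are hypothetical and constructed for the example.

```python
"""Fail-open vs. fail-closed handling of a cancelled second-factor prompt.

Hypothetical model written for this page; it is not the vendor's code and
does not reflect how Remote Desktop Manager is implemented internally.
"""
from dataclasses import dataclass, field
from enum import Enum, auto
from typing import Callable, List


class State(Enum):
    LOGGED_OUT = auto()
    PASSWORD_OK = auto()     # first factor accepted, second factor still pending
    AUTHENTICATED = auto()   # both factors accepted


class Cancelled(Exception):
    """Raised by the (simulated) 2FA dialog when the user dismisses it."""


@dataclass
class Session:
    state: State = State.LOGGED_OUT
    opened: List[str] = field(default_factory=list)


# Constructed credential store (hypothetical): user -> (password, current TOTP code)
USERS = {"alice": ("correct horse battery", "492817")}


def check_password(user: str, password: str) -> bool:
    return user in USERS and USERS[user][0] == password


def check_totp(user: str, code: str) -> bool:
    return user in USERS and USERS[user][1] == code


def login(session: Session, user: str, password: str,
          prompt_totp: Callable[[], str], fail_closed: bool) -> bool:
    """Two-step login. `prompt_totp` stands in for the 2FA dialog: it returns
    the code the user typed, or raises Cancelled when the dialog is dismissed."""
    if not check_password(user, password):
        session.state = State.LOGGED_OUT
        return False
    session.state = State.PASSWORD_OK          # partial progress recorded
    try:
        code = prompt_totp()
    except Cancelled:
        if fail_closed:
            session.state = State.LOGGED_OUT   # fixed: cancelling discards progress
        return False                           # vulnerable: PASSWORD_OK lingers
    session.state = State.AUTHENTICATED if check_totp(user, code) else State.LOGGED_OUT
    return session.state is State.AUTHENTICATED


def open_entry_weak(session: Session, name: str) -> str:
    """Vulnerable gate: any state other than LOGGED_OUT counts as logged in,
    so a lingering PASSWORD_OK state opens entries without the second factor."""
    if session.state is State.LOGGED_OUT:
        raise PermissionError("not logged in")
    session.opened.append(name)
    return name


def open_entry_strict(session: Session, name: str) -> str:
    """Hardened gate: only the terminal AUTHENTICATED state unlocks entries."""
    if session.state is not State.AUTHENTICATED:
        raise PermissionError("second factor not completed")
    session.opened.append(name)
    return name


def cancel_dialog() -> str:
    """Simulated user pressing Cancel on the 2FA prompt."""
    raise Cancelled()


def demo(fail_closed: bool, gate: Callable[[Session, str], str]) -> bool:
    """Password, then cancel, then try to open an entry; True means it opened."""
    s = Session()
    login(s, "alice", "correct horse battery", cancel_dialog, fail_closed)
    try:
        gate(s, "prod-db-ssh")
    except PermissionError:
        return False
    return True


if __name__ == "__main__":
    print("vulnerable flow opens entry after cancel:", demo(False, open_entry_weak))
    print("hardened flow opens entry after cancel:  ", demo(True, open_entry_strict))
```

Either correction on its own closes the hole in this model: resetting the session on cancel, or gating entries on the terminal state rather than on "not logged out". Doing both is the defensive choice, since a later UI path that forgets to reset state is then still caught by the gate.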
The operational impact extends beyond simple unauthorized access to potential credential theft, lateral movement within networks, and compromise of the remote desktop connections the application manages. Because many remote systems and applications rely on the remote desktop manager for their stored credentials, an attacker who exploits this weakness gains a significant attack surface from a single foothold. By letting users bypass the intended multi-factor authentication controls, the flaw breaks the application's core security model and can lead to privilege escalation and unauthorized system access. It is a critical weakness in the application's defense-in-depth strategy, since it violates the principle that every required authentication factor must be strictly enforced.
Organizations using Devolutions Remote Desktop Manager should immediately update to version 2022.3.36 or later, which addresses this specific bypass. Additional protective measures include network-level controls that restrict access to the application, monitoring of authentication logs for suspicious cancellation patterns, and strict access controls enforced through external authentication systems. Security teams should also consider additional authentication layers, such as hardware security keys or biometric factors, that cannot be bypassed through interface manipulation. The vulnerability aligns with ATT&CK technique T1078.004: Valid Accounts, where adversaries use legitimate credentials to gain access to systems, and T1566.002: Phishing: Spearphishing Attachment, as the bypass could be facilitated through social engineering that manipulates users into cancelling the authentication process. Organizations should also assess their remote access infrastructure for similar weaknesses in other authentication systems and monitor comprehensively for unauthorized authentication bypass attempts.
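As an added example of the log monitoring recommended above (not part of the advisory, and not based on Remote Desktop Manager's actual log format), the script below parses a constructed, hypothetical authentication log and flags any entry opened while the user's most recent second-factor outcome was a cancellation or a missing verification. The event names, the line format and the users are all invented for the example; a real deployment would map the vendor's own audit events onto the same three states.

```python
"""Detect entries opened after a cancelled or incomplete second factor.

Added illustration: the log format below is constructed for this example
and is not the product's real audit format.
"""
import re
from datetime import datetime
from typing import Dict, List, Tuple

# Constructed sample audit log (hypothetical format).
SAMPLE_LOG = """\
2023-04-11T09:00:01Z user=alice event=password_ok
2023-04-11T09:00:04Z user=alice event=2fa_prompt
2023-04-11T09:00:20Z user=alice event=2fa_ok
2023-04-11T09:00:25Z user=alice event=entry_open entry=jump-host
2023-04-11T09:05:01Z user=bob event=password_ok
2023-04-11T09:05:03Z user=bob event=2fa_prompt
2023-04-11T09:05:05Z user=bob event=2fa_cancel
2023-04-11T09:05:09Z user=bob event=entry_open entry=prod-db
2023-04-11T09:05:12Z user=bob event=entry_open entry=dc01-rdp
2023-04-11T09:30:00Z user=carol event=password_ok
2023-04-11T09:30:02Z user=carol event=2fa_prompt
2023-04-11T09:30:06Z user=carol event=2fa_cancel
2023-04-11T09:31:00Z user=carol event=password_ok
2023-04-11T09:31:02Z user=carol event=2fa_prompt
2023-04-11T09:31:30Z user=carol event=2fa_ok
2023-04-11T09:31:40Z user=carol event=entry_open entry=build-agent
"""

LINE = re.compile(
    r"^(?P<ts>\S+) user=(?P<user>\S+) event=(?P<event>\S+)(?: entry=(?P<entry>\S+))?$"
)


def parse(text: str) -> List[dict]:
    """Turn log lines into dicts with a parsed timestamp; malformed lines are skipped."""
    events = []
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        rec = m.groupdict()
        rec["ts"] = datetime.strptime(rec["ts"], "%Y-%m-%dT%H:%M:%SZ")
        events.append(rec)
    return events


def find_unverified_opens(events: List[dict]) -> List[Tuple[str, str, datetime]]:
    """Return (user, entry, time) for every entry_open whose user has not
    passed the second factor since their last password_ok.

    Per user we track whether the latest 2FA outcome was a success. A new
    password_ok resets the flag (a fresh login attempt), 2fa_cancel clears it,
    and 2fa_ok sets it. Any entry_open while the flag is False is suspicious,
    regardless of whether the product itself allowed the open.
    """
    second_factor_done: Dict[str, bool] = {}
    alerts = []
    for e in sorted(events, key=lambda r: r["ts"]):
        user, kind = e["user"], e["event"]
        if kind == "password_ok":
            second_factor_done[user] = False
        elif kind == "2fa_ok":
            second_factor_done[user] = True
        elif kind == "2fa_cancel":
            second_factor_done[user] = False
        elif kind == "entry_open" and not second_factor_done.get(user, False):
            alerts.append((user, e["entry"], e["ts"]))
    return alerts


def cancel_counts(events: List[dict]) -> Dict[str, int]:
    """Per-user count of 2fa_cancel events, useful as a secondary signal."""
    counts: Dict[str, int] = {}
    for e in events:
        if e["event"] == "2fa_cancel":
            counts[e["user"]] = counts.get(e["user"], 0) + 1
    return counts


if __name__ == "__main__":
    evs = parse(SAMPLE_LOG)
    for user, entry, ts in find_unverified_opens(evs):
        print(f"ALERT {ts.isoformat()} {user} opened {entry} without completing 2FA")
    print("cancellations per user:", cancel_counts(evs))
```

In the sample data only bob trips the rule: he cancels the prompt and then opens two entries. carol also cancels once but logs in again and completes the second factor before opening anything, so her activity is not flagged, which is why the detector keys on the last 2FA outcome rather than on the mere presence of a cancellation.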